Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
6DescriptionCVE.org
A command injection vulnerability has been reported to affect QuNetSwitch. The remote attackers can then exploit the vulnerability to execute arbitrary commands.
We have already fixed the vulnerability in the following version: QuNetSwitch 2.0.4.0415 and later
AnalysisAI
Remote command execution in QuNetSwitch versions prior to 2.0.4.0415 allows unauthenticated attackers to execute arbitrary system commands over the network with no user interaction required. The vulnerability stems from improper input validation in command processing functions, enabling complete system compromise. No patch is currently available for affected versions.
Technical ContextAI
The vulnerability exists in QNAP QuNetSwitch (CPE: cpe:2.3:a:qnap_systems_inc.:qunetswitch:*:*:*:*:*:*:*:*), a network switch management application developed by QNAP Systems Inc. The root cause is classified under CWE-78 (Improper Neutralization of Special Elements used in an OS Command), which describes situations where user-supplied input is insufficiently sanitized before being passed to system command execution functions. The vulnerability likely exists in a web-based management interface or API endpoint where user input is directly incorporated into shell commands without proper escaping or validation, allowing an attacker to break out of the intended command context and inject arbitrary shell metacharacters and commands.
RemediationAI
Immediately upgrade QuNetSwitch to version 2.0.4.0415 or later as provided by QNAP in the official security advisory (https://www.qnap.com/en/security-advisory/qsa-26-11). If immediate patching is not possible, restrict network access to the QuNetSwitch management interface to trusted administrative networks only, disable remote access if not required, and implement network segmentation to isolate switch management traffic. Monitor access logs for suspicious command patterns or unusual administrative activity until patching can be completed.
More in Qunetswitch
View allA vulnerability involving insecure storage of sensitive information has been reported to affect QSW-M2116P-2T2S and QNAP
QuNetSwitch contains hard-coded credentials that allow remote attackers to bypass authentication and gain unauthorized a
Command injection in QuNetSwitch allows authenticated remote attackers to execute arbitrary commands on affected systems
Arbitrary command execution in QuNetSwitch can be achieved by local attackers with administrator privileges due to insuf
Same weakness CWE-78 – OS Command Injection
View allSame technique Command Injection
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-13716